Sign up to save your podcasts
Or
Share EP 249.5 Deep Dive. Loadsa Money. The IT Privacy and Security Weekly Update for the Week Ending July 1st., 2025
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
EP 249.5 Deep Dive. Loadsa Money. The IT Privacy and Security Weekly Update for the Week Ending July 1st., 2025
North Korean IT Worker Fraud Scheme:
The U.S. Department of Justice uncovered a covert North Korean operation involving IT workers fraudulently securing remote jobs at over 100 American tech companies using stolen or fake identities. These workers operated within U.S.-based "laptop farms" and created shell companies to obscure over $5 million in illicit earnings. Funds were funneled to the North Korean government, supporting weapons development. The scheme also involved data theft, including sensitive source code from a U.S. defense contractor.
Android 16 Anti-Surveillance Feature:
Android 16 introduces a “network notification” security upgrade that alerts users when their device connects to suspicious or unencrypted cell networks. It specifically guards against fake cell towers, such as stingray devices, by warning users about network requests for identifiers or lack of encryption, enhancing protection from mobile surveillance and forced downgrades to insecure protocols.
Critical Printer Vulnerabilities:
Rapid7 researchers identified eight major vulnerabilities affecting printers from Brother, Ricoh, Toshiba, Konica Minolta, and Fujifilm. The most critical flaw (CVE-2024-51978) lets remote attackers bypass admin authentication by exploiting a companion vulnerability (CVE-2024-51977) that reveals the printer's serial number—used to generate default admin credentials. This enables unauthorized reconfiguration and access to stored sensitive documents.
Microsoft Authenticator Password Phase-Out:
Microsoft will remove password autofill and access features from its Authenticator app starting July 2025. The move supports a transition to passwordless sign-ins using biometrics (e.g., facial recognition, fingerprints) and passkeys, aligning with industry shifts toward stronger, phishing-resistant authentication methods.
NIH Open-Access Research Mandate:
A new U.S. NIH policy mandates that all taxpayer-funded research be freely accessible upon publication. This accelerates an open-access directive initiated under Biden and implemented during the Trump administration. The policy enhances public access to scientific discoveries and may enable AI tools to help interpret complex studies for broader audiences.
Pro-Scottish Independence Account Shutdowns:
On June 12, multiple X (formerly Twitter) accounts advocating for Scottish independence vanished in sync with an Israeli cyber strike on Iran. The timing and scope of internet outages in Iran imply that the accounts were likely Iranian-run disinformation tools designed to destabilize the UK under the guise of grassroots political advocacy.
Facebook Camera Roll Upload Concerns:
Facebook is asking users to opt in to uploading unshared photos from their camera roll to Meta’s servers to enable AI-generated content (e.g., collages). While Meta states that content remains private and isn't used for advertising, users must accept AI Terms that permit facial recognition, retention of loosely defined personal data, and potential human review—raising serious privacy concerns over intimate, unshared images.
Meta’s AI Superlab Push:
Meta has launched “Meta Superintelligence Labs” and is heavily investing in top AI talent, reportedly offering compensation packages in the $10 million range. This underscores Meta's ambition to lead in high-end AI development, marking its entry into the elite tier of the global “AI arms race” beyond consumer-facing chatbots.
View all episodes
By R. Prescott Stearns Jr.
4.5
44 ratings
North Korean IT Worker Fraud Scheme:
The U.S. Department of Justice uncovered a covert North Korean operation involving IT workers fraudulently securing remote jobs at over 100 American tech companies using stolen or fake identities. These workers operated within U.S.-based "laptop farms" and created shell companies to obscure over $5 million in illicit earnings. Funds were funneled to the North Korean government, supporting weapons development. The scheme also involved data theft, including sensitive source code from a U.S. defense contractor.
Android 16 Anti-Surveillance Feature:
Android 16 introduces a “network notification” security upgrade that alerts users when their device connects to suspicious or unencrypted cell networks. It specifically guards against fake cell towers, such as stingray devices, by warning users about network requests for identifiers or lack of encryption, enhancing protection from mobile surveillance and forced downgrades to insecure protocols.
Critical Printer Vulnerabilities:
Rapid7 researchers identified eight major vulnerabilities affecting printers from Brother, Ricoh, Toshiba, Konica Minolta, and Fujifilm. The most critical flaw (CVE-2024-51978) lets remote attackers bypass admin authentication by exploiting a companion vulnerability (CVE-2024-51977) that reveals the printer's serial number—used to generate default admin credentials. This enables unauthorized reconfiguration and access to stored sensitive documents.
Microsoft Authenticator Password Phase-Out:
Microsoft will remove password autofill and access features from its Authenticator app starting July 2025. The move supports a transition to passwordless sign-ins using biometrics (e.g., facial recognition, fingerprints) and passkeys, aligning with industry shifts toward stronger, phishing-resistant authentication methods.
NIH Open-Access Research Mandate:
A new U.S. NIH policy mandates that all taxpayer-funded research be freely accessible upon publication. This accelerates an open-access directive initiated under Biden and implemented during the Trump administration. The policy enhances public access to scientific discoveries and may enable AI tools to help interpret complex studies for broader audiences.
Pro-Scottish Independence Account Shutdowns:
On June 12, multiple X (formerly Twitter) accounts advocating for Scottish independence vanished in sync with an Israeli cyber strike on Iran. The timing and scope of internet outages in Iran imply that the accounts were likely Iranian-run disinformation tools designed to destabilize the UK under the guise of grassroots political advocacy.
Facebook Camera Roll Upload Concerns:
Facebook is asking users to opt in to uploading unshared photos from their camera roll to Meta’s servers to enable AI-generated content (e.g., collages). While Meta states that content remains private and isn't used for advertising, users must accept AI Terms that permit facial recognition, retention of loosely defined personal data, and potential human review—raising serious privacy concerns over intimate, unshared images.
Meta’s AI Superlab Push:
Meta has launched “Meta Superintelligence Labs” and is heavily investing in top AI talent, reportedly offering compensation packages in the $10 million range. This underscores Meta's ambition to lead in high-end AI development, marking its entry into the elite tier of the global “AI arms race” beyond consumer-facing chatbots.
More shows like The IT Privacy and Security Weekly Update.
View all
The Daily
111,864 Listeners
Cyber Security Headlines
127 Listeners
The Ezra Klein Show
15,237 Listeners